Introduction
The ExpoPlatform Public API is a web-based API that allows direct access to data stored within the platform, which is shipped as part of the web frontend.
To protect user data, the API uses basic access authentication. In order to access any data inside of the platform through the API, you will need to insert your API KEY in the header section, as the example below illustrates:
Authorization: Basic tf4Si1LydYpTAPyHXUgjig72jlrd5HpIJL5oigmc
Overall Recommendations
For each of the data entries, EP’s API Manager must generate a unique key, and after each show cycle, it must be turned off, even if the third-party provider remains the same. This is done to ensure that ExpoPlatform will receive data for a specific environment only during the expected time period.
Key Sharing
API Keys must be shared in Google Docs, with access allowed only for restricted personnel in the 3rd party responsible for the API Development and EP’s Lead TAM. They must be shared in a dedicated email, always copying the Lead TAM assigned to the project as well as ExpoPlatform’s main organiser point of contact.
Key Life Cycle
Each API Key is bound to its purpose within our event cycle, therefore, at the end of the shows, the key will be turned off, in accordance with ExpoPlatform processes.
API Key Deletions
API Keys can only be deleted if the organiser is changing suppliers.
In this specific case, not only the OpenAPI Keys, but any given other provided key must be turned off or regenerated.
The organiser must also reach out to the event Lead TAM, asking them to revoke any given Admin Access that might have been granted, ensuring that all methods of accessing ExpoPlatform are deleted.